[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL's using group access do not work (ITS#2118)


I have found the following:

If I edit dn.c, and remove the following if statement, I can bind without 
problem as supervisor.  I know that validf is being set to:

 validf = ad->ad_type->sat_syntax->ssyn_validate;

by debugging statements I added in to find what it is being set to.

When I did a %s output on validf, it shows: \326^B@
which didn't help me much. ;)

Here is the output to the logs (with my added debug statements):

>>> dnNormalize: <suRegID=
normal else: validf set to ssyn_validate.
LDAPDN_rewrite2: validf = <\326^B@>

Here is the if statement:

                       if ( validf ) {
                                /* validate value before normalization */
                                rc = ( *validf )( ad->ad_type->sat_syntax,
                                                ? &ava->la_value
                                                : (struct berval *) 
&slap_empty_bv );

                                if ( rc != LDAP_SUCCESS ) {

                                    return LDAP_INVALID_SYNTAX;


Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html